From: Aneesh Karve
To: Bitcoin Development Mailing List
Date: Mon, 27 May 2024 19:04:50 -0700 (PDT)
Subject: [bitcoindev] Pre-BIP feedback: Secrets keychain with semantic derivation
Message-Id: <6d012560-4a66-4346-a1e8-8d8e5c879b29n@googlegroups.com>

Greetings,

After reading and implementing BIP-85 I entertained the possibility of a generalized keychain application atop hierarchical deterministic wallets.

Here is the pre-proposal for said BIP-Keychain on GitHub. Below are the Abstract and Motivation. See the link above for the full spec.

Let me know if I should proceed to submit this as a proper BIP.

Thank you.

# Abstract

We extend the hierarchical deterministic wallet chain from BIP-32 with a new application code for BIP-85 and a deterministic path derivation algorithm that allows applications to create a large key-value map of secrets where the key for each secret is a meaningful semantic path, as opposed to an arbitrary integer. This secure key-value map can replace modern password managers and offers an improved, possibly trustless security profile.

# Motivation

BIP-85 specifies how to derive passwords, private keys, and entropy from paths with the following form:

```
m/83696968'/{app_no}'/{index}'
```

Nevertheless BIP-85 has the following ambiguities and shortcomings:

1. Path construction is arbitrary in that there is no well-defined procedure to extend the path for applications that require more than two parameters. The implied convention is for paths to end with `{some_integer_n}'{index}'` but there is no guidance on the order of parameters for applications that need more than two inputs.

1. Return types for applications vary in interpretation and are not specific enough to be actionable. For example sometimes `n` represents the number of bytes, sometimes the number of characters, sometimes the number of BIP-39 words, etc.

Moreover, modern password managers protect hot child secrets with a single root master hot secret such that if the master secret is compromised all children are also compromised.

BIP-Keychain proposes a new paradigm where numerous hot or cold secrets are derived from hot but non-secret-compromising _derivation path keys_ that are in turn stored under a hot master secret such that if this hot master is compromised only the _derivation path keys_, and not the actual child secrets (_derivation path values_), are compromised. Said hot master secret can itself be the child derivative of a cold master key. The master key for deriving the secret values need not be stored online nor with the derivation path keys and may be provided just-in-time by the application.

Moreover, _generalized derivation paths_ may be interpreted not simply as an input to key derivation but also as information about the real world.
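The BIP-85 derivation that the Motivation section builds on, as an added example (not part of the original post, and not BIP-Keychain's semantic derivation, whose spec is not reproduced in this message): it walks an all-hardened path of the form `m/83696968'/{app_no}'/{index}'` with BIP-32 private derivation and then applies BIP-85's HMAC-SHA512 step. The function names are hypothetical and the seed is a constructed sample.

```python
import hashlib
import hmac

# Order of the secp256k1 group; BIP-32 private keys are integers modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000
BIP85_ROOT = 83696968  # first component of the path form quoted in the post
SAMPLE_SEED = bytes.fromhex("000102030405060708090a0b0c0d0e0f")  # constructed sample

def parse_path(path):
    """Return child indexes of an all-hardened BIP-85 path, e.g. m/83696968'/0'/0'."""
    parts = path.split("/")
    if parts[0] != "m" or len(parts) < 2:
        raise ValueError("path must start with m/")
    indexes = []
    for part in parts[1:]:
        digits = part[:-1]
        if not part.endswith("'") or not digits.isdigit() or int(digits) >= HARDENED:
            raise ValueError(f"component {part!r} is not a hardened index below 2^31")
        indexes.append(int(digits))
    if indexes[0] != BIP85_ROOT:
        raise ValueError("not a BIP-85 path")
    return indexes

def master_from_seed(seed):
    """BIP-32 master key generation: returns (private key as int, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key = int.from_bytes(digest[:32], "big")
    if key == 0 or key >= N:
        raise ValueError("invalid master key")
    return key, digest[32:]

def ckd_priv_hardened(key, chain_code, index):
    """BIP-32 hardened private child derivation (no public-key math required)."""
    data = b"\x00" + key.to_bytes(32, "big") + (index + HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child; BIP-32 says to use the next index")
    return child, digest[32:]

def bip85_entropy(seed, path):
    """Walk the path from the master key, then apply the BIP-85 HMAC step."""
    key, chain_code = master_from_seed(seed)
    for index in parse_path(path):
        key, chain_code = ckd_priv_hardened(key, chain_code, index)
    return hmac.new(b"bip-entropy-from-k", key.to_bytes(32, "big"), hashlib.sha512).digest()
```

Because every component is hardened, the 64 bytes returned for one path reveal nothing about sibling paths or the master key; the path string itself is the only non-secret input.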